'[security-announce] openSUSE-SU-2014:0982-1: important: chromium: update to 36.0.1985.125'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security-announce
Subject:    [security-announce] openSUSE-SU-2014:0982-1: important: chromium: update to 36.0.1985.125
From:       opensuse-security () opensuse ! org
Date:       2014-08-11 8:09:58
Message-ID: 20140811080958.D01063218E () maintenance ! suse ! de
[Download RAW message or body]

   openSUSE Security Update: chromium: update to 36.0.1985.125
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0982-1
Rating:             important
References:         #882263 #882264 #882265 #887952 #887955 
Cross-References:   CVE-2014-3154 CVE-2014-3155 CVE-2014-3156
                    CVE-2014-3157 CVE-2014-3160 CVE-2014-3162
                   
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:


   Chromium was updated to version 36.0.1985.125. New Functionality:
   * Rich Notifications Improvements
   * An Updated Incognito / Guest NTP design
   * The addition of a Browser crash recovery bubble
   * Chrome App Launcher for Linux
   * Lots of under the hood changes for stability and performance

   Security Fixes (bnc#887952,bnc#887955):
   * CVE-2014-3160: Same-Origin-Policy bypass in SVG
   * CVE-2014-3162: Various fixes from internal audits, fuzzing and other
     initiatives and 24 more fixes for which no description was given.

   Packaging changes:
   * Switch to newer method to retrieve toolchain packages. Dropping the
     three naclsdk_*tgz files. Everything is now included in the
     toolchain_linux_x86.tar.bz2 tarball
   * Add Courgette.tar.xz as that the build process now requires some files
     from Courgette in order to build succesfully. This does not mean that
     Courgette is build/delivered.

   Includes also an update to Chromium 35.0.1916.153 Security fixes
   (bnc#882264,bnc#882264,bnc#882265,bnc#882263):
   * CVE-2014-3154: Use-after-free in filesystem api
   * CVE-2014-3155: Out-of-bounds read in SPDY
   * CVE-2014-3156: Buffer overflow in clipboard
   * CVE-2014-3157: Heap overflow in media


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2014-483

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-483

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.1 (i586 x86_64):

      chromedriver-36.0.1985.125-41.1
      chromedriver-debuginfo-36.0.1985.125-41.1
      chromium-36.0.1985.125-41.1
      chromium-debuginfo-36.0.1985.125-41.1
      chromium-debugsource-36.0.1985.125-41.1
      chromium-desktop-gnome-36.0.1985.125-41.1
      chromium-desktop-kde-36.0.1985.125-41.1
      chromium-ffmpegsumo-36.0.1985.125-41.1
      chromium-ffmpegsumo-debuginfo-36.0.1985.125-41.1
      chromium-suid-helper-36.0.1985.125-41.1
      chromium-suid-helper-debuginfo-36.0.1985.125-41.1

   - openSUSE 12.3 (i586 x86_64):

      chromedriver-36.0.1985.125-1.50.1
      chromedriver-debuginfo-36.0.1985.125-1.50.1
      chromium-36.0.1985.125-1.50.1
      chromium-debuginfo-36.0.1985.125-1.50.1
      chromium-debugsource-36.0.1985.125-1.50.1
      chromium-desktop-gnome-36.0.1985.125-1.50.1
      chromium-desktop-kde-36.0.1985.125-1.50.1
      chromium-ffmpegsumo-36.0.1985.125-1.50.1
      chromium-ffmpegsumo-debuginfo-36.0.1985.125-1.50.1
      chromium-suid-helper-36.0.1985.125-1.50.1
      chromium-suid-helper-debuginfo-36.0.1985.125-1.50.1


References:

   http://support.novell.com/security/cve/CVE-2014-3154.html
   http://support.novell.com/security/cve/CVE-2014-3155.html
   http://support.novell.com/security/cve/CVE-2014-3156.html
   http://support.novell.com/security/cve/CVE-2014-3157.html
   http://support.novell.com/security/cve/CVE-2014-3160.html
   http://support.novell.com/security/cve/CVE-2014-3162.html
   https://bugzilla.novell.com/882263
   https://bugzilla.novell.com/882264
   https://bugzilla.novell.com/882265
   https://bugzilla.novell.com/887952
   https://bugzilla.novell.com/887955

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic